[PATCH 4.3 056/125] nl80211: Fix potential memory leak from parse_acl_data

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Ola Olsson <ola.olsson@sonymobile.com>,
	Johannes Berg <johannes.berg@intel.com>
Subject: [PATCH 4.3 056/125] nl80211: Fix potential memory leak from parse_acl_data
Date: Mon,  7 Dec 2015 10:01:09 -0500	[thread overview]
Message-ID: <20151207145755.039153771@linuxfoundation.org> (raw)
In-Reply-To: <20151207145752.225938417@linuxfoundation.org>

4.3-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ola Olsson <ola1olsson@gmail.com>

commit 4baf6bea37247e59f1971e8009d13aeda95edba2 upstream.

If parse_acl_data succeeds but the subsequent parsing of smps
attributes fails, there will be a memory leak due to early returns.
Fix that by moving the ACL parsing later.

Fixes: 18998c381b19b ("cfg80211: allow requesting SMPS mode on ap start")
Signed-off-by: Ola Olsson <ola.olsson@sonymobile.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/wireless/nl80211.c |   12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3409,12 +3409,6 @@ static int nl80211_start_ap(struct sk_bu
 					   wdev->iftype))
 		return -EINVAL;
 
-	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
-		params.acl = parse_acl_data(&rdev->wiphy, info);
-		if (IS_ERR(params.acl))
-			return PTR_ERR(params.acl);
-	}
-
 	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
 		params.smps_mode =
 			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
@@ -3438,6 +3432,12 @@ static int nl80211_start_ap(struct sk_bu
 		params.smps_mode = NL80211_SMPS_OFF;
 	}
 
+	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
+		params.acl = parse_acl_data(&rdev->wiphy, info);
+		if (IS_ERR(params.acl))
+			return PTR_ERR(params.acl);
+	}
+
 	wdev_lock(wdev);
 	err = rdev_start_ap(rdev, dev, &params);
 	if (!err) {

next prev parent reply	other threads:[~2015-12-07 15:01 UTC|newest]

Thread overview: 117+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-07 15:00 [PATCH 4.3 000/125] 4.3.1-stable review Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 001/125] ARM: 8449/1: fix bug in vdsomunge swab32 macro Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 003/125] tipc: linearize arriving NAME_DISTR and LINK_PROTO buffers Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 004/125] net: bcmgenet: Software reset EPHY after power on Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 005/125] ipv4: fix to not remove local route on link down Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 006/125] ipv4: update RTNH_F_LINKDOWN flag on UP event Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 007/125] stmmac: Correctly report PTP capabilities Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 008/125] ipmr: fix possible race resulting from improper usage of IP_INC_STATS_BH() in preemptible context Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 010/125] sit: fix sit0 percpu double allocations Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 011/125] sfc: push partner queue for skb->xmit_more Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 012/125] net: avoid NULL deref in inet_ctl_sock_destroy() Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 013/125] ipv6: clean up dev_snmp6 proc entry when we fail to initialize inet6_dev Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 014/125] ipv4: disable BH when changing ip local port range Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 015/125] net: Fix prefsrc lookups Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 016/125] tun_dst: Fix potential NULL dereference Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 017/125] packet: race condition in packet_bind Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 018/125] bonding: fix panic on non-ARPHRD_ETHER enslave failure Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 019/125] net: fix a race in dst_release() Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 020/125] ARM: 8426/1: dma-mapping: add missing range check in dma_mmap() Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 021/125] ARM: 8427/1: dma-mapping: add support for offset parameter " Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 022/125] ARM: common: edma: Fix channel parameter for irq callbacks Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 023/125] ARM: dts: imx27.dtsi: change the clock information for usb Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 024/125] ARM: tegra: paz00: use con_ids to refer GPIOs in gpiod_lookup table Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 025/125] ARM: at91/dt: corrections to i2c1 declaration to sama5d4 Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 026/125] ARM: at91: pm: at91_pm_suspend_in_sram() must be 8-byte aligned Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 027/125] ARM: dts: Add vbus regulator to USB2 phy nodes on exynos3250, exynos4210 and exynos4412 boards Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 028/125] ARM: dts: Fix WLAN regression on omap5-uevm Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 029/125] ARM: dts: sun6i: hummingbird: Fix VDD-CPU and VDD-GPU regulator names Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 030/125] ARM: pxa: remove incorrect __init annotation on pxa27x_set_pwrmode Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 031/125] MIPS: lantiq: add clk_round_rate() Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 032/125] MIPS: CDMM: Add builtin_mips_cdmm_driver() macro Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 033/125] MIPS: ath79: Fix the DDR control initialization on ar71xx and ar934x Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 034/125] MIPS: KVM: Fix ASID restoration logic Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 035/125] MIPS: KVM: Fix CACHE immediate offset sign extension Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 036/125] MIPS: KVM: Uninit VCPU in vcpu_create error path Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 038/125] kvm: x86: zero EFER on INIT Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 042/125] KVM: x86: obey KVM_X86_QUIRK_CD_NW_CLEARED in kvm_set_cr0() Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 043/125] KVM: x86: work around infinite loop in microcode when #AC is delivered Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 044/125] x86/setup: Fix low identity map for >= 2GB kernel range Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 045/125] x86/irq: Probe for PIC presence before allocating descs for legacy IRQs Greg Kroah-Hartman
2015-12-07 15:00 ` [PATCH 4.3 046/125] x86/cpu: Call verify_cpu() after having entered long mode too Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 047/125] x86/cpu: Fix SMAP check in PVOPS environments Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 048/125] x86/fpu: Fix get_xsave_addr() behavior under virtualization Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 049/125] x86/fpu: Fix 32-bit signal frame handling Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 050/125] x86/mpx: Do proper get_user() when running 32-bit binaries on 64-bit kernels Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 051/125] x86/mpx: Fix 32-bit address space calculation Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 052/125] mac80211: Fix local deauth while associating Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 053/125] mac80211: fix driver RSSI event calculations Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 054/125] mac80211: allow null chandef in tracing Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 055/125] mac80211: fix divide by zero when NOA update Greg Kroah-Hartman
2015-12-07 15:01 ` Greg Kroah-Hartman [this message]
2015-12-07 15:01 ` [PATCH 4.3 057/125] NFC: st-nci: Fix incorrect spi buffer size Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 058/125] NFC: nci: Fix incorrect data chaining when sending data Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 059/125] NFC: nci: Fix improper management of HCI return code Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 060/125] NFC: nci: extract pipe value using NCI_HCP_MSG_GET_PIPE Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 061/125] iwlwifi: pcie: fix (again) prepare card flow Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 062/125] iwlwifi: Add new PCI IDs for the 8260 series Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 063/125] net: mvneta: Fix CPU_MAP registers initialisation Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 064/125] net: mvneta: fix error path for building skb Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 065/125] fs/proc, core/debug: Dont expose absolute kernel addresses via wchan Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 066/125] clk: iproc: Fix PLL output frequency calculation Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 067/125] clk: versatile-icst: fix memory leak Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 068/125] mfd: twl6040: Fix deferred probe handling for clk32k Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 069/125] mwifiex: fix NULL pointer dereference during hidden SSID scan Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 070/125] mwifiex: avoid memsetting PCIe event buffer Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 071/125] mwifiex: fix mwifiex_rdeeprom_read() Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 072/125] staging: rtl8712: Add device ID for Sitecom WLA2100 Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 073/125] Bluetooth: hidp: fix device disconnect on idle timeout Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 074/125] Bluetooth: ath3k: Add new AR3012 0930:021c id Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 075/125] Bluetooth: ath3k: Add support of AR3012 0cf3:817b device Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 076/125] Bluetooth: Fix removing connection parameters when unpairing Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 077/125] Bluetooth: Fix missing hdev locking for LE scan cleanup Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 078/125] can: Use correct type in sizeof() in nla_put() Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 079/125] can: sja1000: clear interrupts on start Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 080/125] arm64: Fix compat register mappings Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 081/125] arm64: page-align sections for DEBUG_RODATA Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 082/125] pinctrl: uniphier: set input-enable before pin-muxing Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 084/125] ath10k: add ATH10K_FW_FEATURE_RAW_MODE_SUPPORT to ath10k_core_fw_feature_str[] Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 085/125] ath10k: use stations current operating mode from assoc request Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 086/125] ath10k: fix invalid NSS for 4x4 devices Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 087/125] s390/kernel: fix ptrace peek/poke for floating point registers Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 088/125] s390/pci: reshuffle struct used to write debug data Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 089/125] KVM: s390: SCA must not cross page boundaries Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 090/125] KVM: s390: fix wrong lookup of VCPUs by array index Greg Kroah-Hartman
2015-12-07 22:10   ` Christian Borntraeger
2015-12-09  3:19     ` Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 091/125] KVM: s390: avoid memory overwrites on emergency signal injection Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 092/125] KVM: s390: enable SIMD only when no VCPUs were created Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 094/125] usb: gadget: net2280: restore ep_cfg after defect7374 workaround Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 095/125] usb: gadget: atmel_usba_udc: Expose correct device speed Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 096/125] usb: dwc3: gadget: let us set lower max_speed Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 097/125] usb: chipidea: otg: gadget module load and unload support Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 098/125] usb: dwc3: pci: Add the Synopsys HAPS AXI Product ID Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 099/125] usb: dwc3: pci: Add the PCI Product ID for Synopsys USB 3.1 Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 100/125] usb: dwc3: Support Synopsys USB 3.1 IP Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 101/125] usb: dwc3: pci: Add platform data for Synopsys HAPS Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 102/125] usb: dwc3: Add dis_enblslpm_quirk Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 103/125] usb: dwc3: pci: Set enblslpm quirk for Synopsys platforms Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 104/125] usb: chipidea: imx: refine clock operations to adapt for all platforms Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 105/125] usb: chipidea: debug: disable usb irq while role switch Greg Kroah-Hartman
2015-12-07 15:01 ` [PATCH 4.3 106/125] ALSA: usb: Add native DSD support for Aune X1S Greg Kroah-Hartman
2015-12-07 15:02 ` [PATCH 4.3 107/125] usb: ehci-orion: fix probe for !GENERIC_PHY Greg Kroah-Hartman
2015-12-07 15:02 ` [PATCH 4.3 108/125] usblp: do not set TASK_INTERRUPTIBLE before lock Greg Kroah-Hartman
2015-12-07 15:02 ` [PATCH 4.3 109/125] usb: phy: omap-otg: fix uninitialized pointer Greg Kroah-Hartman
2015-12-07 15:02 ` [PATCH 4.3 113/125] USB: ti_usb_3410_5052: Add Honeywell HGI80 ID Greg Kroah-Hartman
2015-12-07 15:02 ` [PATCH 4.3 116/125] usb: xhci: fix checking ep busy for CFC Greg Kroah-Hartman
2015-12-07 15:02 ` [PATCH 4.3 117/125] ALSA: usb-audio: add packet size quirk for the Medeli DD305 Greg Kroah-Hartman
2015-12-07 15:02 ` [PATCH 4.3 118/125] ALSA: usb-audio: prevent CH345 multiport output SysEx corruption Greg Kroah-Hartman
2015-12-07 15:02 ` [PATCH 4.3 119/125] ALSA: usb-audio: work around CH345 input " Greg Kroah-Hartman
2015-12-07 15:02 ` [PATCH 4.3 122/125] tty: Fix tty_send_xchar() lock order inversion Greg Kroah-Hartman
2015-12-07 15:02 ` [PATCH 4.3 123/125] xhci: Workaround to get Intel xHCI reset working more reliably Greg Kroah-Hartman
2015-12-07 15:02 ` [PATCH 4.3 124/125] staging/lustre: use jiffies for lp_last_query times Greg Kroah-Hartman
2015-12-07 15:02 ` [PATCH 4.3 125/125] xen/events: Always allocate legacy interrupts on PV guests Greg Kroah-Hartman
2015-12-07 17:19 ` [PATCH 4.3 000/125] 4.3.1-stable review Shuah Khan
2015-12-09  3:14   ` Greg Kroah-Hartman
2015-12-07 21:28 ` Guenter Roeck
2015-12-09  3:25   ` Greg Kroah-Hartman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151207145755.039153771@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=johannes.berg@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=ola.olsson@sonymobile.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).